I have a situation where a message was passed as clean: Aug 2 13:53:12 10.25.1.231 amavis[7089]: (07089-06) Passed CLEAN, CF/MYNETS LOCAL [10.37.88.3] [10.37.88.3] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, mail_id: DCea9MTrIAFS, Hits: -, queued_as: 4A548E5C10, 706 ms
But the sender was notified that the message was blocked due to invalid header. Is this possible? Using amavisd-new-2.4.3 with custom notification templates. Here's the notification, note that mail17 is 10.25.1.231 >>> <[EMAIL PROTECTED]> 08/02/07 1:53 PM >>> Subject: Email Blocked ?????? Invalid Header Message-ID: <[EMAIL PROTECTED]> Perimeter eSecurity blocked the email that contained invalid header information Below you will find more detail regarding the error. If you have any questions please contact Perimeter eSecurity at [EMAIL PROTECTED] || WHAT IS AN INVALID CHARACTER IN MAIL HEADER? The RFC 2822 standard specifies rules for forming internet messages. It does not allow the use of characters with codes above 127 to be used directly (non-encoded) in mail header (it also prohibits NUL and bare CR). If characters (e.g. with diacritics) from ISO Latin or other alphabets need to be included in the header, these characters need to be properly encoded according to RFC 2047. This encoding is often done transparently by mail reader (MUA), but if automatic encoding is not available (e.g. by some older MUA) it is the user's responsibility to avoid the use of such characters in mail header, or to encode them manually. Typically the offending header fields in this category are 'Subject', 'Organization', and comment fields in e-mail addresses of the 'From', 'To' and 'Cc'. Sometimes such invalid header fields are inserted automatically by some MUA, MTA, content checker, or other mail handling service. If this is the case, that service needs to be fixed or properly configured. Typically the offending header fields in this category are 'Date', 'Received', 'X-Mailer', 'X-Priority', 'X-Scanned', etc. If you don't know how to fix or avoid the problem, please report it to _your_ postmaster or system manager. ] Return-Path: <[EMAIL PROTECTED]> Your message <[EMAIL PROTECTED]> could not be delivered to: -- Joel Nimety Perimeter eSecurity Product Architect, Email Defense 203.541.3416 [EMAIL PROTECTED] http://www.perimeterusa.com -- The sender of this email subscribes to Perimeter eSecurity's email anti-virus service. This email has been scanned for malicious code and is believed to be virus free. For more information on email security please visit: http://www.perimeterusa.com/email-defense-content.html This communication is confidential, intended only for the named recipient(s) above and may contain trade secrets or other information that is exempt from disclosure under applicable law. Any use, dissemination, distribution or copying of this communication by anyone other than the named recipient(s) is strictly prohibited. If you have received this communication in error, please delete the email and immediately notify our Command Center at 203-541-3444. Thanks ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
